Analysis

  • max time kernel
    183s
  • max time network
    192s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/11/2022, 20:15 UTC

General

  • Target

    f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe

  • Size

    314KB

  • MD5

    cb2d3977394ee26e56249da5e80b2348

  • SHA1

    f4ec457c581253a3b67e0f04d1bf3ce9845b9c13

  • SHA256

    f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe

  • SHA512

    7b1b2378afbe574b720d2eb35f7700b22c9ca1198b5274de698c20a79e41c34e23a25147e6e2716f06be04ce3759f866dcb1862a4399962693871288051a6048

  • SSDEEP

    6144:Sr5bUzkuvcBYC47l2xGnV6OjJaV490B6lKPk3JDEbk0teSVtH:SrqkuveY3RnV6c800oIpbv0SVtH

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe"
    PID: 4248 (process tree depth 1)
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses

Network

  • DNS lookups (all sent to 8.8.8.8:53; the Response field is empty for every entry in this view)
    • r1.homebestmy.info, IN A, from f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe
    • c1.setepicnew.info, IN A, from f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe
    • r2.homebestmy.info, IN A, from f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe
    • c2.setepicnew.info, IN A, from f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe
    • c1.setepicnew.info, IN A, from f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe
    • c2.setepicnew.info, IN A, from f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe
    • c1.setepicnew.info, IN A, from f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe
    • c2.setepicnew.info, IN A, from f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe
    • 96.108.152.52.in-addr.arpa, IN PTR, no process listed

  • Connections (remote address; domain; protocol; process; bytes sent / received; packets sent / received)
    • 93.184.221.240:80; 46 B / 40 B; 1 / 1
    • 8.238.21.126:80; 322 B; 7 packets (only one direction listed)
    • 20.42.65.90:443; 322 B; 7 packets (only one direction listed)
    • 93.184.221.240:80; 322 B; 7 packets (only one direction listed)
    • 93.184.221.240:80; 322 B; 7 packets (only one direction listed)
    • 93.184.221.240:80; 322 B; 7 packets (only one direction listed)
    • 8.8.8.8:53; r1.homebestmy.info; dns; f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe; 64 B / 143 B; 1 / 1
    • 8.8.8.8:53; c1.setepicnew.info; dns; f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe; 64 B / 143 B; 1 / 1
    • 8.8.8.8:53; r2.homebestmy.info; dns; f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe; 64 B / 143 B; 1 / 1
    • 8.8.8.8:53; c2.setepicnew.info; dns; f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe; 64 B / 143 B; 1 / 1
    • 8.8.8.8:53; c1.setepicnew.info; dns; f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe; 64 B / 143 B; 1 / 1
    • 8.8.8.8:53; c2.setepicnew.info; dns; f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe; 64 B / 143 B; 1 / 1
    • 8.8.8.8:53; c1.setepicnew.info; dns; f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe; 64 B / 143 B; 1 / 1
    • 8.8.8.8:53; c2.setepicnew.info; dns; f27bc65f73e4b0aae42c53ba9cf217a5ed2887451bda2f608c8a9f9569b2afbe.exe; 64 B / 143 B; 1 / 1
    • 8.8.8.8:53; 96.108.152.52.in-addr.arpa; dns; no process listed; 72 B / 146 B; 1 / 1

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Tsu72D9C048.dll

    Filesize

    269KB

    MD5

    af7ce801c8471c5cd19b366333c153c4

    SHA1

    4267749d020a362edbd25434ad65f98b073581f1

    SHA256

    cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

    SHA512

    88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

  • C:\Users\Admin\AppData\Local\Temp\{CC811907-82F1-43A7-A14C-CAD317623BF1}\Custom.dll

    Filesize

    91KB

    MD5

    a7245bbd05aa5bee1f34b4c4de90c672

    SHA1

    94a148f9b49af78576e9915ad143b17c1d5514e7

    SHA256

    1f749e2a9a754223f0609a4c8c91af2f2771ed52dfd0680fc4ad3c91877c3bc8

    SHA512

    9a395e62a2ab8d096d293eb8d5bc24b91debfc8efe394848dd020987937ea8922b41967cc38bf8f4f8af0c386f1d8c7e31432564146120643d83e33c1904ef8f

  • C:\Users\Admin\AppData\Local\Temp\{CC811907-82F1-43A7-A14C-CAD317623BF1}\_Setup.dll

    Filesize

    173KB

    MD5

    f5b9122162a09af65e175de7bfe9c3e8

    SHA1

    5456548923f763866aae993914b3c96f9f694bce

    SHA256

    250d2be5a8eeef8d991fd5790e4b191c9fe1328739f5ded8920bf9aeae8b26db

    SHA512

    154732149c7d72f32d5a42019221ddb85b996441d3d7793ec04ac21696d66e0186e2165c58901f13e07611366074a1e1dc7ee3e1f87df9eeffa3c402a9a2567f
